Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Email bypasses Spamassassin?

Discussion in 'E-mail Discussion' started by SupraMario, Dec 12, 2017.

Tags:
  1. SupraMario

    SupraMario Member

    Joined:
    Mar 28, 2006
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    153
    I've done hours of reading up on this and cannot find any solution that fits.

    Every solution relates to "you have a filter setup that is killing the email"
    That would be nice if this email account had any filter.
    Would also be nice if the domain account had a 'global filter' set specific to this.

    We run spamassassin and these emails are bypassing spamassassin, but still being routed to /dev/null.

    Example :
    Code:
    2017-12-12 17:44:52 1eOeJ3-00082s-Sg H=mail-it0-f45.google.com [209.85.214.45]:45933 Warning: "SpamAssassin as ela34883 detected message as NOT spam (3.1)"
    2017-12-12 17:44:52 1eOeJ3-00082s-Sg H=mail-it0-f45.google.com [209.85.214.45]:45933 Warning: Message has been scanned: no virus or other harmful content was found
    2017-12-12 17:44:52 1eOeJ3-00082s-Sg <= mario@senderaddress H=mail-it0-f45.google.com [209.85.214.45]:45933 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=5190 id=78dfd4a9-4451-66a9-9b79-7f32ede943d2@hostname T="testing" for valet@recipientaddress
    2017-12-12 17:44:52 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1eOeJ3-00082s-Sg
    2017-12-12 17:44:52 1eOeJ3-00082s-Sg => /dev/null <valet@recipientaddress> R=central_filter T=**bypassed**
    2017-12-12 17:44:52 1eOeJ3-00082s-Sg Completed
    
    Note spamassassin has "detected message as NOT spam"
    
    -

    So I check the 'global' filter in /etc/vfilter/domainanme

    -
    Code:
    # Exim filter - auto-generated by cPanel.
    #
    # Do not manually edit this file; instead, use cPanel APIs to manipulate
    # email filters. MANUAL CHANGES TO THIS FILE WILL BE OVERWRITTEN.
    #
    
    if not first_delivery and error_message then finish endif
    
    #Generated Apache SpamAssassin™ Discard Rule
    if
     $h_X-Spam-Bar: contains "+++"
    then
     save "/dev/null" 660
    endif
    
    
    It's the standard spamassassin rule. I'm completely out of my depth trying to work out what is going on here. This is starting to cause some serious problems with delivery for users, others couldnt work it out so we shifted them to G Suite to bypass this issue as we couldnt get an actual solution.

    Cpanel version : v68.0.19
     
    #1 SupraMario, Dec 12, 2017
    Last edited by a moderator: Dec 12, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,943
    Likes Received:
    1,820
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can browse to "cPanel >> SpamAssassin" and modify or disable the following option:

    Spam Auto-Delete

    The "score" setting for this option is separate from the default score SpamAssassin uses to determine if a message is SPAM. If you want to leave the option enabled, try increasing the value to a more conservative number (6 or 7).

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. SupraMario

    SupraMario Member

    Joined:
    Mar 28, 2006
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    153
    Disabling auto-delete seems to have worked, my first test went through. I might re-enable it and send the same email again to verify.

    2017-12-13 07:24:19 1eOr66-00025b-SJ H=mail-ot0-f176.google.com [74.125.82.176]:39259 Warning: "SpamAssassin as ela34883 detected message as NOT spam (2.3)"
    2017-12-13 07:24:19 1eOr66-00025b-SJ H=mail-ot0-f176.google.com [74.125.82.176]:39259 Warning: Message has been scanned: no virus or other harmful content was found
    2017-12-13 07:24:19 1eOr66-00025b-SJ <= SENDEREMAIL H=mail-ot0-f176.google.com [74.125.82.176]:39259 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=4946 id=CAMn1Kk1pVhXOHB+qcQi+AcWV+SaxsxfDqGqg+3n6bKvDgyD6Wg@mail.gmail.com T="Test 6am" for RECIPIENTEMAIL
    2017-12-13 07:24:19 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1eOr66-00025b-SJ
    2017-12-13 07:24:19 1eOr66-00025b-SJ => valet <RECIPIENTEMAIL> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <RECIPIENTEMAIL> SDWLKfM6MFpfHAAAlCdKhg Saved"
    2017-12-13 07:24:19 1eOr66-00025b-SJ Completed

    I am completely confused, HOW and WHY would an email that 'passes' spamassassin rule check, then be 'auto deleted' if it passes all spamassassin's checks???

    That seems very much like a bug in the system.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,943
    Likes Received:
    1,820
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The "score" setting for the the Auto Delete option is separate from the default score SpamAssassin uses to determine if a message is SPAM. The default score for SpamAssassin itself is configured separately in "cPanel >> SpamAssassin" by clicking on the "Configure Apache SpamAssassin" button at the bottom of the page.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. SupraMario

    SupraMario Member

    Joined:
    Mar 28, 2006
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    153
    Ok, that I never realised and I've been using cpanel system for years now!

    so any auto-delete settings that a client (or I) modify for an account, should really be in line with the general spamassassin ruleset, that way if they're both equal it would be easier to diagnose an issue like this.

    Since in this instance the autodelete was enabled with score of '3'
    General setting was default at '5'

    So in my earlier example, the email had a score of '3.1' and was being autodeleted, so it must say '3.1 == 3' and delete, when really 3.1 is higher than 3
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,943
    Likes Received:
    1,820
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Right, if the "Auto Delete" score is set to "3", then any messages that SpamAssassin scores higher than 3 (e.g. 3.1, 3.2, 4, 5, etc) is automatically removed.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    linux4me2 likes this.
  7. SupraMario

    SupraMario Member

    Joined:
    Mar 28, 2006
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    153
    CpanelMichael - 100% ... I just re-read my posts, I don't know why / what planet I was on wondering why 3.1 was being deleted when 3 was the threshold :)

    Unless I was thinking golf scores where the lower number = higher .. kicked my brain back into gear now.

    Thank you for your assistance with this.
     
    cPanelMichael likes this.
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,943
    Likes Received:
    1,820
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi @SupraMario,

    No problem! I'm happy to have helped.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice